We need to optimize this process: When you have stored your password upon log-in, you need to actively log out AND log in again. Then you can simply close the window. The next time you enter app.tutanota.de log in does not happen automatically. Please do not save the password if you want to log in to several accounts.
Thanks for notifying us about the inconvenience.
if you stored your password, please just logout, deactivate "Store password", and login again.
You shouldn't be auto-logged in again afterwards.
the Arabic translation has been completed so we plan to add RTL support as soon as possible. As we have lots of feature requests on our to-do list for the coming months, we cannot give a specific ETA just yet.
If you know anyone who can code and would like to get this done faster, this would be awesome. Here’s the code for a pull request: https://github.com/tutao/tutanota
Thank you very much!
Your Tutanota Team
Which app and which device are you using?
Currently the badge gets an update when you open the ios app. It show the number of unread mails in your inbox.
Thanks for the discussion on this issue and thanks for the pull request. We have had a look at it and how the email address can fit into the sender/recipients line. Unfortunately on mobile devices the space is very limited and adding the email address (name <email_address>) there would not be helpful in many cases. So we decided to add it only in desktop mode. As the pull request does not cover all cases, we will implement it on our own soon.
Thanks for your notice @Anon. It is very similar and we treat it like this, combining the votes in our heads. :)
Unfortunately, codeclimate requests write access to our repositories which is not acceptable. Is there a simple way to embed jslint checks?
@Colin, thanks we did! :)
@Andre Currently there is no filtering, but we plan to add this!
28 votesAdminTutanota Support (Admin, Tutanota) shared this idea ·
18 votesAdminTutanota Support (Admin, Tutanota) responded
Thanks for requesting a feature for further improving the security of Tutanota! We currently use TLS and DANE to protect authentication and integrity data and (only tunneled) RSA and AES to provide additional confidentiality. Neither the confidentiality nor the integrity of your data is currently at risk. In order to increase the security of Tutanota even further, we will implement digital signatures soon.
@Max We do. :) Here is a detailed answer to this report. SInce there is no feasible attack vector, no immediate action is necessary. However, we will improve the discussed issue soon:
This is not a vulnerability in Tutanota. We have built Tutanota with multiple layers of protection for our users. We currently use TLS and DANE to protect authentication and data integrity and (only tunneled) RSA-OAEP and AES-CBC to provide confidentiality. We have always communicated this transparently, it is nothing new. Neither the confidentiality nor the integrity of our users' data has been at risk.
However, we know that the implementation is not perfect regarding this detail. That is why we are going to implement the following features as soon as possible:
- 2-factor authentication
- Algorithms resistant to attacks of quantum computers
- Simple verification of downloaded Tutanota apps
Regarding the described issue, we know of two possible attacks on AES-CBC. Neither of them is feasible against Tutanota users:
- Bit flipping: You need access to the plain text email and you have to be the MITM. - - Plaintexts are available at the sender and recipient only. We use secure TLS algorithms and DANE to protect against MITM.
- Padding oracle: There is no padding oracle in Tutanota.
There is no known vulnerability in Tutanota. Security is the heart of Tutanota, and we will fix vulnerabilities immediately.
@Stephan The android app relies on push from Google. If you get the app directly from us, it won't have push, sorry.
Hi there, it would be possible to build such a feature while keeping your privacy. For instance, we do not have to store the ip address of your account's last login while it could be stored encrypted within your account, only visible to you.
Thanks for your comment. We'll always focus on security and usability, no matter what we'll include. Because everything will use the same encryption technology.
We do, here's the link for direct download: http://tutanota.uservoice.com/knowledgebase/articles/483300-where-can-i-get-the-tutanota-app
Thanks for your feedback, we need to know what browser you are using so that we can reproduce it.
Currently email addresses of persons you send emails to are automatically saved to your address book to make it more convenient.
This is particularly important if you send encrypted mails to non-Tutanota users as the password you shared with them needs to be saved within your account.
We want to create an optional system for login without email address: https://tutanota.uservoice.com/forums/237921-general/suggestions/8258685-enhance-login-security
We opted against blocking usernames for other domains as only the tutanota.de and the tutanota.com domain match. Because of this, we also gave you one alias for free so that you may block your username yourself.
Thanks for your discussion. It's a risk we are willing to take. :) We love the name tutanota and it's meaning, but we also see the need for an easy email address. That's why we are offering additional domains now without changing our branding strategy. Tutanota is the brand - 'secure message' - but just because you like the brand, we do not want to force you to have it in your email address.
Updated the title and description from manual to automatic sync.